Tuesday, March 24, 2015

Warning to Gamers About Ransomware

Ransomware is a type of malicious software designed to block access to a computer system or files on that system, until a sum of money is paid to the attacker.

A little over a week ago, security researchers at Bromium Labs announced that they had discovered a new “crypto-ransomware” deemed “TeslaCrypt.” This is a variant of previously found malware, CryptoLocker, and is specifically targeting gamers. However, some reports say that the ransomware has also affected other file types like Word docs, Excel files, PowerPoint, and images.

Users are affected by visiting a compromised website (based on WordPress), which redirects them to the Angler exploit kit by using a Flash clip. Once the attack has occurred, the attacker encrypts the data and ransoms the files for either $1000 in PayPal My Cash or 1.5BTC in Bitcoins. Of course, this doesn’t always mean the attacker is going to give you back your files, so it’s best to always keep files backed up on another device or within the cloud.

This malware impacts data files for over 20 games, including the following:

Bethesda Softworks settings file

F.E.A.R. 2 game

Steam NCF Valve Pak

Call of Duty

EA Sports

Unreal 3

Unity scene

Assassin’s Creed game

Skyrim animation

Bioshock 2

Leagues of Legends

DAYZ profile file

RPG Maker VX RGSS

World of Tanks battle

Minecraft mod

Unreal Engine 3 game file

Starcraft saved game

S.T.A.L.K.E.R. game file

Dragon Age Origins game

For more details on how this ransomware works, McAfee has done a great job of outlining the information and what happens as the attack occurs.